With increasingly digitized systems, securing user authentication has become an important priority. HYPR and Vanson Bourne released the 2023 State of Passwordless Security Report. The report found that insecure authentication is a primary cause of cyber breaches and that cumbersome login methods take an unacceptable toll on employees and business productivity. 

The cost of breaches to organizations is profound, with 35% suffering reputation damage, 36% losing customers to their competition, 53% experiencing critical data loss and 56% facing significant financial loss. Despite these tremendous costs, 58% of organizations said they kept the same insecure authentication methods after facing a breach. Legacy authentication has other material consequences. User experience is a major pain point as reported by 64% of IT and security leaders with nearly one third (31%) of organizations finding workforce resistance towards using authentication technology.

The report derives insights from over 1,000 IT security professionals. Key research findings include:

  • 60% of organizations reported authentication breaches over the last 12 months.
  • Three out of the top four attack vectors are connected to authentication.
  • 58% of organizations kept their insecure authentication methods following a breach.
  • Authentication-related breaches cost each organization $2.95 million in the last 12 months, on average.
  • Companies spent an average of $375 per employee per year in help desk costs on password-related issues.
  • On average, employees navigate four different authentication methods daily.
  • 81% of respondents were blocked from work-critical information due to forgetting their password.
  • Of organizations that state they use passwordless authentication for employees, the term passwordless is widely misunderstood: only 3% are using phishing-resistant passwordless methods.
  • 28% of organizations were hit by push notification attacks (MFA bombing), more than double the number reported previously.
  • The financial services and the energy and utilities sectors were the most affected by cyberattacks, experiencing a 20% higher rate of push attacks than average.
  • 86% of IT/IS security decision makers believe that passwordless authentication provides the highest level of authentication security.
  • 86% also believe that passwordless authentication is needed to ensure user satisfaction.

Download a copy of the report here.